Skip to content
Ansible Role to Deploy Keylime
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
roles/ansible-keylime
tests
travis
.ansible-lint
.gitignore
.travis.yml
LICENSE
README.md
Vagrantfile
playbook.yml
site.yml

README.md

Ansible Keylime

Build Status Gitter chat

Ansible role to deploy Keylime against a Hardware TPM.

The role is currently configured to work with Fedora 29. Contributions are welcome, should anyone wish to have this role provision other Linux distributions.

For details on using Keylime, please consult the project documentation

Usage

Run the example playbook against your target remote host(s).

ansible-playbook -i your_hosts playbook.yml

Get started with Keylime

The best way to get started is to read the [Keylime Documentation]https://keylime-docs.readthedocs.io/en/latest/), however if you're keen to get started right away. Follow these steps.

You first of all need to decide on if you will use the revocation framework, if so you will need to install golang and set the following value in /etc/keylime.conf

ca_implementation = cfssl

Alternately you can set openssl which has no other dependencies.

You now need to start the following three services.

# keylime_verifier

# keylime_registrar

# keylime_agent

Note: Keylime Agent requires a TPM active that the agent can take ownership on

You can now set up a use case, a good first scenario to try out would be IMA Integrity Monitoring

For more detailed set up scenarios, see the Keylime documentation

Vagrant

If you prefer, a Vagrantfile is available for provisioning.

Clone the repository and then simply run vagrant up --provider <provider> --provision

For example, using libvirt:

vagrant up --provider libvirt --provision

For example, using VirtualBox:

vagrant up --provider virtualbox --provision

Once the VM is started, vagrant ssh into the VM and run `sudo su - to become root.

You can then start the various components using commands:

keylime_verifier
keylime_registrar
keylime_agent

WebApp

The web application can be started with the command keylime_webapp. If using Vagrant, port 443 will be forwarded from the guest to port 8443 on the host.

This will result in the web application being available on url:

https://localhost:8443/webapp/

License

Apache 2.0

Contribute

Please do! Pull requests are welcome.

Please ensure CI tests pass!

Contributors

You can’t perform that action at this time.